What is it?

Unauthorized and insecure access to UNHCR’s Information and Communications Technology (ICT) Systems, Applications and Services can affect the entire Organization, as well as the security and safety of its persons of concern. Strict and systematic access control measures, therefore, are essential. 

This Administrative Instruction captures key minimum control measures and defines requirements and standards to manage User accounts within UNHCR ICT Systems, Applications, and Services. 

Who does it apply to?

This Administrative Instruction applies to all UNHCR offices and all Authorized Users requiring access to the organization’s ICT Systems, Applications, and Services, including Heads of Offices/ Units, and ICT and Administrative Staff.

Compliance with this Administrative Instruction is mandatory.

What’s covered?

This Administrative Instruction covers:

• User Accounts and Access Rights
  • Authorizing account access
  • Account Expiry 
  • Disabling of User accounts
  • Privileged Access Rights
  • Generic / Shared User and Email accounts
  • Visitor/ Guest accounts
  • External Users
  • Suspension of accounts
• Users’ Authentication Information 
• Responsibilities of Division of Information Systems & Telecommunications (DIST), Head of Office / Unit, Supervisors / Responsible Managers, and Data or System Owners.